This document presents a reference architecture and security risk assessment of high voltage substations. The risk assessments to supports the definition of security measures in the security architecture for substation automation. They are used to derive security requirements for gateways, IEDs, and HMI software, and to define a security policy for substation automation.
The risk assessment covers high voltage substations, including both transmission and transformer substations. It applies for both Distribution System Operators (DSOs) and Transmission System Operators (TSOs). The risk assessment aims to cover different generations of substations, from legacy to current and future designs. The risk assessment has been performed using the BowTie method.